Understanding Removal of Resources with Terraform
When you are working in a declarative configuration model, instead of configuring objects of the data model for “deletion” or “removal”, the absence of the object in the data model is what indicates that the object should be removed from the configuration.
Terraform not only creates and updates resources—it also handles safe and predictable removal of any resources that are no longer defined in the configuration. This behavior is a core part of Infrastructure as Code, ensuring that the deployed environment always reflects the desired state.
Terraform tracks every managed resource in the state file. During a terraform plan, it compares:
- What is currently deployed (from the state),
- What should exist (from your configuration files). If a resource exists in the state file but no longer appears in your configuration, Terraform marks it for deletion.
Let’s check one example. You do not need to follow along, this is just for education purposes:
In our configuration, let’s say we have defined snmp:
... snmp: access: users users: - username: ${snmp_username} passphrase: !env secret_passwordIf we decide that we do not want to have it configured anymore, we simply remove above configuration from the YAML file.
When re-running the terraform plan, it will identify that the resource will be destroyed:
# module.meraki.meraki_network_snmp.networks_snmp["US/Unified Branch Learning Org/Unified Branch"] will be destroyed # (because key ["US/Unified Branch Learning Org/Unified Branch"] is not in for_each map) - resource "meraki_network_snmp" "networks_snmp" { - access = "users" -> null - id = "L_3859584880656524698" -> null - network_id = "L_3859584880656524698" -> null - users = [ - { - passphrase = "C1sco12345!!66" -> null - username = "snmpuser" -> null }, ] -> null }Always review the plan carefully before applying to understand the impact, especially when deletions are involved.